Top 10 Best Practices for Managing the Risk of Cloud Services

 Cloud Computing Services  Comments Off on Top 10 Best Practices for Managing the Risk of Cloud Services
Aug 142013
 

Best Practices for Managing the Risk of Cloud Services

Author: skyhighnetworks

The number and variety of cloud services offered to enterprises is growing at a staggering rate, and the adoption of cloud services by these enterprises is growing just as rapidly.  Gartner says that 72of enterprises use Software as a Service (SaaS) today and expect a Compound Annual Growth Rate for SaaS of 52.4off the current base of $14.5B.  What’s more startling is how much spending on cloud services occurs outside of IT.  Gartner predicted that a full 35of IT spending would take place outside of IT by 2015 – only two years away. By the end of the decade, that figure will hit 90  This segment of cloud services purchased outside of IT is often referred to as ‘Shadow IT’.

Top 10 Best Practices for Managing the Risk of Cloud Services www.TheCloudComputingAustralia.com-185

Top 10 Best Practices for Managing the Risk of Cloud Services

Enterprise employees purchase cloud services for a variety of reasons.  They provide rapid scalability, reduce time-to-value, offer agility and ease of use, and enable a shift from capital expenditure to operating expenditure.  However, use of these services can come with significant security, legal, and business risks, especially when they are procured and managed outside of IT’s visibility and control.  In this whitepaper, we will share the best practices used by real companies to reduce the risk presented by the use of approved and unapproved (Shadow IT) cloud services.

Top 10 Best Practices for Managing the Risk of Cloud Services

1. Identify all cloud services in use & evaluate risk

2. Block all high-risk services & suggest lower-risk alternatives

3. Confirm all corporate data removed from newly-blocked services

4. Alert employees using recently compromised services

5. Detect and remediate policy inconsistencies

6. Search for anomalies in user behavior

7. Conduct investigations into anomalous behaviors i.e. cloud usage patterns

8. Encrypt data going to key services

9. Use Data loss prevention software (DLP) to avoid compliance risk

10.  Track progress regularly

Leading companies in a variety of industries have reduced their cloud services risk through the use of the Cloud Services Manager. By implementing the best technology and leveraging these proven best practices, you can help your organization safely deploy, use, and manage cloud services leading to increased agility, scalability, and ease of use, and decreased overall costs for your IT and Security departments.

Enterprise employees purchase cloud services for a variety of reasons.  They provide rapid scalability, reduce time-to-value, offer agility and ease of use, and enable a shift from capital expenditure to operating expenditure.  However, use of these services can come with significant security, legal, and business risks, especially when they are procured and managed outside of IT’s visibility and control.  In this whitepaper, we will share the best practices used by real companies to reduce the risk presented by the use of approved and unapproved (Shadow IT) cloud services.

Article Source: http://www.articlesbase.com/security-articles/best-practices-for-managing-the-risk-of-cloud-services-6702284.html

About the Author

This article has been brought to you by the Skyhigh Networks cloud visibility and control company. We are leader in helping accelerate the safe and profitable adoption of cloud service by businesses and also we use Data Loss Prevention Software(DLP) to avoid compliance risk.  For more information on Cloud Security services, call Skyhigh Networks experts at 1.866.727.8383, or visit http://www.skyhighnetworks.com.

Steps to Safe Cloud Services Adoption

 Cloud Computing Security  Comments Off on Steps to Safe Cloud Services Adoption
Aug 142013
 

Steps to Safe Cloud Services Adoption

Author: skyhighnetworks

Enterprises Cloud SaaS and IaaS are an unstoppable force sweeping through organizations large and small at a breakneck pace. The rapid adoption has allowed anyone in an organization with a Web browser and an Internet connection to take over (and pay for) traditional IT department functions such as email, storage and backup, and collaboration tools. As a result of this rapid shift, IT consultancy Gartner estimates that by 2015, 35of IT spending will come from budgets outside of the IT department. That figure will grow to 90by the end of the decade.  The benefits of these fast-growing cloud services are undeniable and include service agility; wider choice of products; ease of collaboration; fast, cheap deployment, and swapping fixed capital expenditures for variable operating costs that can be ratcheted up or down to meet demand. While enterprises have long leveraged traditional cloud services such as Salesforce.com and Office 365, employees increasingly use popular but lesser known services, such as Evernote (social bookmarking and document sharing) and Prezi (online presentation tools). They also log into SaaS services while at work for personal needs including photo sharing (Instagram), and social media (Twitter). To quickly build and test applications, developers at enterprises rely on cloud IaaS products such as Amazon Web Services, Rackspace and Heroku. From developers to marketers to salespeople, employees are accessing and using these cloud services with or without their IT department’s permission or knowledge.

Steps to Safe Cloud Services Adoption www.TheCloudComputingAustralia.com-184

Steps to Safe Cloud Services Adoption

Few, if any, CIOs know exactly how many services are in use on their networks, let alone which services are in use. According to a Jan. 2013 survey undertaken by Symantec[2], 77of businesses have suffered rogue cloud deployments or unauthorized uses of cloud services. This lack of information means that IT organizations have no way to secure their networks against risky services or manage and mandate safe cloud service use by employees. IT organizations also struggle to maintain cost control over cloud services and to unify cloud service usage under more economical enterprise-wide contracts.  Some of the world’s largest financial, health care and technology enterprises have successfully deployed Skyhigh Networks\’ Cloud Services Manager product suite to leverage the benefits of cloud services and manage employee usage while minimizing the security risks and controlling costs.

Gain Visibility

The first step towards controlling cloud service usage and minimizing cloud services risk is to gain complete visibility into which services employees are already using. This is no simple task. Estimates of the total number of cloud services functioning right now range from ~2000 to over 5,000. New cloud services emerge every day. Any new application coming onto the market has a significant cloud component for backup and synchronization, at a minimum. It is also important to understand the breadth of the cloud services universe. For example, if an employee visits a popular industry blog and writes a comment, chances are that the employee has registered and then logged into Disqus, the most popular blog commenting platform. Disqus is actually a cloud service. An employee working on an open source software project probably uses the GitHub repository system to store source code. This is another major cloud service that flies under the radar.  Popularity of cloud services varies significantly by region and by platform. While DropBox is a popular sharing platform in the U.S., in Eastern Europe a service called 4Share is far more popular. For these reasons, establishing a solid cloud services policy and management strategy requires complete visibility and understanding of cloud service usage.

The only way to attain this visibility is through detailed log-file analysis, mapping back services accessed to business units and individual users. Initially, this is a ‘snapshot’ that provides a baseline of cloud services accessed by employees. Log-file analysis alone is not sufficient. The analysis must be pushed into a simple-to-consume dashboard that allows lesser trained IT administrators to view a list of all services running and key details about those services (type of service, location of physical servers, potential risks of service, etc). For any cloud services management strategy to remain effective over extended periods, the snapshotting process must be moved towards a regularly discovery period done weekly, daily, hourly or even in real-time. This is essential because the cloud services landscape is evolving very quickly and a log-file analysis has a very short half-life both in terms of services accessed but also risk profiles of the specific services and even service details (ports accessed, types of service calls, communications protocols used).

Gain Service Insight and Analysis

The second step towards putting in place a strong cloud services management strategy is gaining insights into which services present the most risks. This is possible and relatively simple once an IT organization has obtained full discovery of all services in use. At that point, the IT security team should bucket the services into broad categories in order to compare similar services and perform comparative risk analyses. For example, employees in one unit may be using Box.net while those in another use Google Drive while those in another use SugarSync and 4Share. Box.net may present a very low risk while 4Shared is a very high risk. SugarSync, in comparison may be an acceptable risk. Once those risk assessments are completed, IT and cloud security services managers should identify the services with the lowest risk in a category and consider establishing a commercial relationship with the provider. With or without such a relationship, the IT security team can promote the lesser risk services across your employee pool while discouraging or blocking the use of higher risk services in the same category.  Just like the log-file analysis and visibility exercises, cloud services risk assessment is a continuous activity that may require temporary halts or lockdowns on specific services. For example, the recent password breach at Evernote increased risk of that service until the breach was addressed.[3] Enterprises using Evernote should have reassessed their Evernote usage to minimize their risk exposure.

Article Source: http://www.articlesbase.com/security-articles/steps-to-safe-cloud-services-adoption-6709989.html

About the Author

By sequentially following the methodology explained in this article, CIOs can quickly gain control of their cloud services exposure. More importantly, CIOs can transform their role inside the organization from that of a naysayer to a business enabler and an inclusive contributor to improved business operations via smarter cloud services usage and proactive cloud service selection.  A well-executed cloud services strategy, used in conjunction with specialized tools such as Skyhigh Networks’ Cloud Security Manager, can deliver significant business benefits while actually improving enterprise IT security through full transparency and visibility. for more details visit http://www.skyhighnetworks.com/

How to protect encrypt data and avoid data loss prevention on cloud

 Cloud Computing Security  Comments Off on How to protect encrypt data and avoid data loss prevention on cloud
Aug 142013
 

How to protect encrypt data and avoid data loss prevention on cloud

Author: skyhighnetworks

Detect and remediate policy inconsistencies

Policy inconsistencies can occur in two ways.  In the first type of inconsistency, there is a high-risk service that is allowed, while another, lower risk service is blocked.  In this instance, make a policy decision to block both, allow both, or allow only the lower risk service.  All three options would eliminate the inconstancy, but you will need to determine which option makes the most sense for your business.

How to protect encrypt data and avoid data loss prevention on cloud www.TheCloudComputingAustralia.com-183

How to protect encrypt data and avoid data loss prevention on cloud

The second type of inconsistency occurs when a service is partially blocked.  Sometime there is a legitimate reason for this type of inconsistency (e.g. Marketing needs access to Facebook but other departments do not.  More often than not, this type of inconsistency occurs because the infrastructure cannot keep up with the velocity of new cloud services being introduced and used by employees and therefore many service fall in the unclassified category.  Using a cloud service management product that has an extensive registry of services and automatically visualizes allowed vs. denied traffic will make identifying both types on inconsistencies simple and will allow you to easily monitor progress resolving the inconsistencies.

Search for anomalies in user behaviour

When working to reduce the risk of cloud services, much attention is paid to the risk profile of the cloud services themselves.  However, often times perfectly safe and secure cloud services can be the source of a data leak if an internal employee is acting maliciously.  Unfortunately, no proxy, firewall, or SIEM can alert the organization of malicious use of a legitimate service.  So, the best practice is to leverage a cloud services management product that has the ability to identify usage anomalies that are indicative of malicious behaviour.

Conduct investigations into anomalous behaviours

While a cloud service anomaly, such as the Twitter example mentioned above, is a very good indicator of malicious behaviour, and investigation must be conducted in order to determine the context and intent of the anomalous behaviour.  For example, the user associated with the IP address that had 1M tweets may have simply contracted a malware virus that had seized her Twitter account, or she could have been intentionally leaking confidential data.  In most cases, the best practices is to look for a legitimate business use case, compare their activity to benchmarks, and then contact the line of business manager and corporate security to alert them of the issue, monitor their activity, and intervene if needed.

Encrypt data going to key services

It is prudent to add another layer of security to the most critical cloud services in your organization.  The first step is to identify services that are enterprise-critical, blessed, and procured, such as Salesforce, Box, Office365, and Google.  Access to those services should require that employees to use their corporate identity and then access to your enterprise\’s account at the service.  For example, their traffic would go to acme.salesforce.com, rather than directly to salesforce.com.   This means that you can then control who has access the account, and what happens to the data sent to this service.

The best practice is to leverage a reverse proxy to encrypt data sent to these services with your enterprise managed encryption keys.  In doing so, you guarantee that even if the provider is compromised, your data will not be.  Finally, you will need to ensure that your control is enforced for on-premise to cloud accesses and for mobile to cloud access.  This should be done without requiring the traffic from those devices to be back-hauled (through a VPN) into your enterprise edge first to avoid introducing user friction.

Doing this will provide 2 distinct advantages.  The first obvious advantage is that even if the service is compromised, your data will not be because you hold the encryption keys.  The second advantage is that in this era of limited data privacy, this encryption guards against a blind government subpoena.  Microsoft, Google, and Box, for example, often receive subpoenas from the government asking for information for a particular company, with a gag order prohibiting them from alerting that company.  By encrypting the data that lives within the cloud, the company can ensure that it is notified of any investigation, as it will need to provide the encryption keys to government investigators.

Implement Data Loss Prevention (DLP) guidelines to avoid compliance risk

Any enterprise that utilizes cloud services should be careful about sending confidential data to the cloud, but if you work in a regulated industry, such as healthcare or financial services you must be extra vigilant.  Within a regulated industry, sending confidential client information to the cloud can result in a serious compliance violation that would damage the reputation of the company and result in serious financial penalties.   Specifically, healthcare companies must comply with HIPPA regulations, banks and financial institutions must comply with PCI guidelines and almost every company must comply with SOX regulations.  Complying with these regulations.  Any company using the cloud must have a DLP strategy in order to comply with these regulations.

Proxies and firewalls cannot protect against the incidental transmission of personal information, so your cloud data security management product should be able to provide DLP functionality to help prevent sending confidential client information to the cloud.

Track progress regularly

Managing the risk of cloud services is not a point in time exercise.  You will need to continually monitor the use of cloud services since new services hit the market daily and your employees will constantly seek the latest tools to help them do their jobs.  In order to drive a successful and quantifiable risk management program you will need to determine which metrics to track and develop a methodology for gathering the data on a regular basis.

Article Source: http://www.articlesbase.com/software-articles/how-to-protect-encrypt-data-and-avoid-data-loss-prevention-on-cloud-6713185.html

About the Author

This article has been brought to you by the Skyhigh Networks cloud visibility and control company. Your cloud data security management product is to be provided with certain DLP functionality to help prevent sending confidential client information to the cloud.. For more information on Cloud Security services, call Skyhigh Networks experts at 1.866.727.8383, or visit http://www.skyhighnetworks.com.

The Benefits of Cloud Storage Australia Services

 Cloud Computing Services  Comments Off on The Benefits of Cloud Storage Australia Services
Aug 022013
 

The Benefits of Cloud Storage Australia Services

Author: Unified IT

Data needs to be stored safely for quicker retrieval when need arises. There are numerous IT services Australia has on offer for companies and businesses that are keen in minimizing risks associated to data loss. There are numerous benefits that come with cloud storage in Australia. First of all, you’ll only be required to purchase the capacity that you require. This means that there is no wastage of resources. Another benefit is that service providers will get your system up and running in a matter of few minutes. The programs are easy to use and seldom necessitate assistance from the representatives of the company.

The Benefits of Cloud Storage Australia Services www.TheCloudComputingAustralia.com-182

The Benefits of Cloud Storage Australia Services

Convenient

Many companies agree that cloud storage Australia is convenient since the data remains within the region. No entity is capable of accessing it in another region outside of Australia. In case you need to share content with your contacts, this option will come in handy in enabling you to do so via email and even social media networking sites. Archiving of important files has also never been easier as it is now. Although the process of uploading, sharing and retrieving data is simple, free live support is still available on a 24-hour basis. This basically includes: – email, live chat and telephone assistance.

Efficient

Cloud backup storage in Australia will also ensure that large data is uploaded efficiently. In such a case, the company will ask you to provide your hard drive so that they can handle the entire process and return the component as soon as the process is complete. Data will be controlled in a much more effective manner because of the reliable high speed access and first class security. There are many features that ensure errors are corrected quickly. The software programs enable users to undo previous actions meaning that any files that are deleted by mistake can be retrieved instantaneously.

Easy to use

In general, the amount of training required for operating the programs is quit minimal. After the initial installation process, the software will function just like the traditional computer hard drive. In addition, there is no need to worry about compatibility issues since the service providers design the cloud storage Australia software to work with PCs, Android and even iPhones. You’ll also enjoy viewing your files just the way they are since there is no need of compressing them prior to uploading them. Now, you have the power of setting privacy controls for all users.

Article Source: http://www.articlesbase.com/data-recovery-articles/the-benefits-of-cloud-storage-australia-services-6531288.html

About the Author

Mike Simmon is a professional author lives in Melbourne, Australia. He loves to write about IT services in Australia. For more information visit unifiedit.com.au.